On Tue, Jun 12, 2018 at 08:09:18AM -0400, anish10dec wrote:

Hi there,

> There is requirement for token authentication using two secret key i.e
> primary and secondary secret for location block.

If this is the same scenario as in
https://forum.nginx.org/read.php?2,275668 and in
https://forum.nginx.org/read.php?2,278063 then I'm pretty sure that the
answer is the same as those times.

> If token with first secret gives 405, then to generate the token with second
> secret to allow the request.

There is a suggested untested config in an earlier response. Does it
work for you?

> This is required for changing the Secret Key in production on server so that
> partial user will be allowed with old secret and some with new secret for
> meanwhile till secret is updated on all servers and client.

If the client knows it, it's not a secret.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx